admission-control
Safeguard articles tagged "admission-control" — guides, analysis, and best practices for software supply chain and application security.
15 articles
Writing Rego policies for Kubernetes admission control and CI gates
Open Policy Agent graduated CNCF on Jan 29, 2021 — yet most teams still ship Rego with no default-deny, turning a policy gate into a rubber stamp.
Container and Kubernetes scanning in agent-driven DevOps, without new trust boundaries
Autonomous agents that rebuild and redeploy containers can patch a CVE in under an hour — or become a new privileged path to production if scanning isn't gated.
A hands-on introduction to Rego for Kubernetes admission control
OPA graduated CNCF on January 29, 2021, and Rego v1 became the default syntax in OPA v1.0.0 (Dec 2024) — here's how to write your first admission-control policies.
Kubernetes Admission Controllers for Security
Admission controllers are the policy chokepoint between a validated API request and a running workload. Used well, they enforce your entire security posture. Here is how validating webhooks, Kyverno, OPA, and the new CEL-based policies fit together.
Pod Security Standards: The Complete Guide
PodSecurityPolicy is gone. Pod Security Admission and the three Pod Security Standards are how you enforce baseline and restricted profiles in modern Kubernetes — here is how to adopt them without breaking workloads.
Kubernetes Admission Controller Policy Patterns in 2026
A field guide to the admission control patterns that survived contact with production clusters: validating webhooks, image policy, mutating defaults, and what to skip.
Safeguard Policy Evaluation Engine
How Safeguard's policy engine evaluates thousands of rules per artifact with predictable latency — the compiler, the cache layer, and the decision trail.
How to set up OPA Gatekeeper for Kubernetes admission con...
A step-by-step guide to OPA Gatekeeper Kubernetes admission control: install, write constraint templates, roll out safely, and verify enforcement.
What is Admission Control (Kubernetes)
Admission control is the last checkpoint in Kubernetes before an object is written to etcd — here's how webhooks, PSA, and policy engines enforce it.
Best Kubernetes admission control tools
A practical comparison of Kubernetes admission control tools — OPA/Gatekeeper, Kyverno, Kubewarden, Styra, jsPolicy, and Polaris — with real strengths, limits, and evaluation criteria.
How Snyk IaC's admission-time Kubernetes scanning differs...
How Snyk IaC's static manifest scanning, the Snyk Controller's in-cluster monitoring, and true Kubernetes admission control mechanically differ — and why the gap between them matters.
Kubernetes 1.30 and 1.31 Security Rundown
ValidatingAdmissionPolicy GA, VolumeSource for OCI artifacts, and anonymous API cleanup: what 1.30 and 1.31 change for cluster security posture.